<?
require("../../common/init.php");
require VIEW.'view_utility.php';

// session_start();

// language file 语言文件
include '../lang/'.$lang.'.php';
// 错误收集
$errors=array();

//密码错误允许次数
$num = 3;

$id=1;
$sign=ROOT_SIGNIN;
if(isset($_GET["id"]))if(is_numeric($_GET["id"]))$id=$_GET["id"];
if($id==3){
	setcookie("username", '', time()-3600,'/'); // signed out.
	setcookie("userid", 0, time()-3600,'/');
	wheel('../');
}

$action='you guess';
$temuser='';
if(isset($_COOKIE["temuser"]) && $_COOKIE["temuser"]!="" ) $temuser=$_COOKIE["temuser"];
//yell($temsign.$_COOKIE["temsign"]);

if(isset($_POST["username"]) && $_POST["username"]!="")$username=cleanhtml($_POST["username"]);
if(isset($_POST["password"]) && $_POST["password"]!="")$password=cleanhtml($_POST["password"]);
if(isset($_POST["action"]) && $_POST["action"]!="")$action=cleanhtml($_POST["action"]);
if($action=='csignin'){
	if(! $user->check_unique('username', $username)){
		//cry(ROOT_USER_NOT_EXIST, 'login.php');
		$errors[]=array('message'=>ROOT_USER_NOT_EXIST,'type'=>'alert','url'=>'login.php');
		//else echo mysql_error();
	}
	else {
		//判断当前用户的上一次登录时间是否大于 1天
		$userid=$user->get_id('username',$username);
		$user_arr = $user->get_row($userid);
		$errr_time=$user_arr['error_time'];
		$flag = $user_arr['flag'];
		$now_time=time();

		//错误登录 后 24小时
		$error_time_24 = strtotime(date('Y-m-d H:i:s', strtotime("+1 day, $errr_time")));
		if($now_time>=$error_time_24){
			unset($_SESSION['login_error']);
			$arr=array(
			'flag'=>1,
			);
			$user->update($arr, 'id', $userid);
		}
		if($flag==0) {
			echo '<script>alert("密码错误超过3次了,请明天在登录");</script>';
			echo '<script>location="../"</script>';
			}
		if($user->check_sign($username, $password)){
			setcookie("username", encrypt($username), time()+3600*24*7,'/'); // signed in successfully and store info.
			$userid=$user->get_id('username',$username);

			setcookie("userid", encrypt($userid), time()+3600*24*7,'/');
			$user->update_last_login_time($id);
			$errors[]=array('message'=>'','type'=>'nothing','url'=>'index.php');
			//wheel('index.php');
		}

		else{ 
		setcookie("temuser", $username, time()+3600);
		
		$errors[]=array('message'=>ROOT_WRONG_PASSWORD,'type'=>'alert','url'=>'login.php');
			//cry(ROOT_WRONG_PASSWORD, 'login.php?id=1');

		if(!empty($_SESSION['login_error'])){
			if($_SESSION['login_error']>=$num){
				$userid=$user->get_id('username',$username);
				$arr=array(
				'flag'=>0,
				);
				$user->update($arr, 'id', $userid);
				// exit("密码错误3次了");
				// yell("密码错误超过3次了",'../'); exit;
				echo '<script>alert("密码错误超过3次了,请明天在登录");</script>';
				echo '<script>location="../"</script>';
			}
			else
				$_SESSION['login_error']+=1;
		}else{
			$_SESSION['login_error']=1;
			$time=date('Y-m-d H:i:s', time());
			$userid=$user->get_id('username',$username);
			$arr=array(
			'error_time'=>$time,
			);
			$user->update($arr, 'id', $userid);
			}
		}
	}
}
//echo md5('panda2011');
$code1=rand(5, 10);
$code2=rand(0, 5);
$code3=rand(0, 5);
$codes=$code1+$code2-$code3;
$coder=$code1.' + '.$code2.' - '.$code3.' = ?';
// pre($_POST);exit;

require ROOTVIEW.'login.php';
?>